
利用openstack建设适合中小型互联网企业的私有云(三)

2017-01-05

利用openstack建设适合中小型互联网企业的私有云。CentOS 7.3 系统安装、系统初始化。

利用openstack建设适合中小型互联网企业的私有云。CentOS 7.3 系统安装、系统初始化:

一、系统安装

1.服务器至少四块硬盘,做raid 5,磁盘初始化

2.系统分区

/boot 2G

swap 8G

/ 50G

/var 剩余磁盘

3.选择最小化安装系统

二、系统初始化

这里写了一个初始化脚本centos7_init.sh供参考,对应参数自行修改:

#!/bin/bash
#:***********************************************
#:Program:centos7_init_shell
#:
#:Author:ylhb
#:
#:History:2016-08-25
#:
#:Version:3.0
#:***********************************************
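# NOTE(review): this part of the listing was damaged by HTML extraction
# (lower-cased, path slashes lost, repeated words dropped). It is rebuilt
# here from the surviving tokens; banner wording and list contents should be
# checked against the author's original script.

# Start-up banner.
cat <<EOF
+--------------------------------------------------------------+
|               === Welcome to System init ===                 |
+--------------------------------------------------------------+
EOF

# One timestamp for the whole run; it names the log file under /root and
# prefixes every log line written by the later sections.
DATE=$(date +%Y_%m_%d:%H_%M_%S)
INIT_LOG="system_init_$DATE.log"

#1.del_user_and_group_config
# Remove default accounts and groups that this host does not need.
# Local array names are used so the environment variable USER is not clobbered.
del_users=(adm lp shutdown halt operator)
# NOTE(review): the middle entry was lost in the damaged listing; "lp" is assumed - confirm.
del_groups=(adm lp dip)
del_rc=0

for name in "${del_users[@]}"; do
  # getent matches the account name exactly; a substring grep over
  # /etc/passwd would also hit unrelated lines (e.g. "lp" inside a path).
  if getent passwd "$name" >/dev/null; then
    /usr/sbin/userdel "$name" || del_rc=1
  else
    echo "$name is no exist"
  fi
done

for name in "${del_groups[@]}"; do
  if getent group "$name" >/dev/null; then
    /usr/sbin/groupdel "$name" || del_rc=1
  else
    echo "$name is no exist"
  fi
done

# Log success only when every deletion that was attempted succeeded, rather
# than testing the exit status of whatever command happened to run last.
if [ "$del_rc" -eq 0 ]; then
  echo "$DATE [del_user_and_group_config] is [success]" >> /root/${INIT_LOG}
fi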
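#2.add_users_config
# Create the admin account with a fixed UID and a pre-hashed password, so the
# clear-text password never appears in this script.
# Supplementary GID 10 is presumably wheel on the target image - confirm.
/usr/sbin/useradd -u 1001 -m -G 10 ylhb

# crypt(3) hash installed for ylhb. The value below is the one printed in the
# article and looks redacted (runs of 1s): replace it before use.
# A password hash is still a credential: anyone who can read this script can
# attack it offline, so keep the script readable by root only, or load the
# hash from a root-owned 0600 file instead of embedding it.
admin_hash='$6$bThzZvdb$sJVzJ.BKw11111111111111111111ty87MCdQ4co1111111NUjRlbEgboQAcpy3XMG80'

# chpasswd -e reads an already-hashed password from stdin: the hash stays out
# of argv and only the named account is changed. A sed over /etc/shadow keyed
# on the substring "ylhb" would edit every line containing that text.
printf '%s:%s\n' ylhb "$admin_hash" | /usr/sbin/chpasswd -e

USER1=(ylhb)
for yl in "${USER1[@]}"; do
  # Exact account lookup instead of a substring grep over /etc/passwd.
  if getent passwd "$yl" >/dev/null; then
    echo "$DATE $yl is added success" >>/root/${INIT_LOG}
  fi
done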
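#3.sudoer_config
# Install the sudo policy as a validated drop-in instead of appending to
# /etc/sudoers: a syntax error in /etc/sudoers disables sudo entirely, and
# blind appends add duplicate lines on every re-run.
# NOTE(review): "NOPASSWD: ALL" makes the ylhb account equivalent to root
# without any second factor; restrict the command list or drop NOPASSWD where
# that is not intended.
# NOTE(review): relies on /etc/sudoers containing "#includedir /etc/sudoers.d"
# - confirm on the target image.
if sudoers_tmp=$(mktemp); then
  cat > "$sudoers_tmp" <<'EOF'
Defaults    requiretty
User_Alias SYSADMINS = ylhb
SYSADMINS       ALL=(ALL)       NOPASSWD: ALL
EOF
  # visudo -c parses the fragment without installing it.
  if /usr/sbin/visudo -cf "$sudoers_tmp" >/dev/null; then
    install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/sysadmins
    echo "$DATE [sudoer_config] is [success]" >>/root/${INIT_LOG}
  else
    echo "sudoers fragment failed validation; nothing installed" >&2
  fi
  rm -f -- "$sudoers_tmp"
else
  echo "mktemp failed; sudoers not configured" >&2
fi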
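#4.limits_config
# Raise the open-file and process limits for all users.
# The limits.conf item for process count is "nproc"; "noproc" is not a
# recognised item, so the process limit was never actually raised.
cat >> /etc/security/limits.conf <<'EOF'
*                soft   nofile          65535
*                hard   nofile          65535
*                soft   nproc           65535
*                hard   nproc           65535
EOF
# The drop-in shipped by the distribution sets its own nproc value of 4096;
# raise it to the same figure so it agrees with limits.conf.
sed -i '/4096/s/4096/65535/g' /etc/security/limits.d/20-nproc.conf
echo "$DATE [limits_config] is [success]" >>/root/${INIT_LOG}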
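#5.sysctl_config
# Kernel network tuning. The settings are written to a dedicated drop-in with
# ">" so that re-running the script replaces them instead of appending another
# copy to /etc/sysctl.conf each time.
sysctl_file=/etc/sysctl.d/99-centos7-init.conf
cat > "$sysctl_file" <<'EOF'
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 30
# net.ipv4.tcp_tw_recycle = 1
#   Left disabled (it was listed twice before): with TCP timestamps it drops
#   connections from clients that share one NAT address, and newer kernels
#   removed the option. Enable only after confirming no NAT is in the path.
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.core.netdev_max_backlog = 10240
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.core.somaxconn = 2048
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.ip_local_port_range = 5000    65000
EOF
# Apply now; record success only if the kernel accepted every key.
if sysctl -p "$sysctl_file"; then
  echo "$DATE [sysctl_config] is [success]" >>/root/${INIT_LOG}
else
  echo "sysctl rejected one or more settings in $sysctl_file" >&2
fi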
#6.history_config
# Keep a longer shell history for every login shell, then reload the profile
# so the setting also applies to the rest of this run.
printf '%s\n' 'export HISTSIZE=20000' >> /etc/profile
. /etc/profile
printf '%s\n' "$DATE [history_config] is [success]" >> "/root/${INIT_LOG}"
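#7.pass_length and login count limit
# Password ageing and minimum length. The edits are keyed on the setting name
# rather than on a line number, so they still hit the right line if
# /etc/login.defs is laid out differently from the author's copy.
# NOTE(review): assumes lines 25 and 27 of the author's file were
# PASS_MAX_DAYS and PASS_MIN_LEN - confirm.
sed -i '/^PASS_MAX_DAYS[[:space:]]/s/99999/90/' /etc/login.defs
sed -i '/^PASS_MIN_LEN[[:space:]]/s/5/8/' /etc/login.defs

# Lock an account for 300 s after 3 failed logins.
# - The grep guard keeps a re-run from stacking a second pam_tally2 line.
# - --follow-symlinks edits the link target; plain "sed -i" would replace a
#   symlinked system-auth with a regular file.
# NOTE(review): authconfig can regenerate this file and drop the line, and
# services whose PAM stack includes password-auth instead of system-auth
# (check /etc/pam.d/sshd) are not covered by this entry.
if ! grep -qs 'pam_tally2\.so' /etc/pam.d/system-auth; then
  sed -i --follow-symlinks \
    '5i auth        required      /lib64/security/pam_tally2.so deny=3 unlock_time=300' \
    /etc/pam.d/system-auth
fi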
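#8.disable_firewalld_and_selinux_config
# NOTE(review): this section removes the host packet filter and SELinux
# confinement. If that is required for the deployment, make sure filtering is
# enforced elsewhere (network ACLs, security groups, an iptables rule set);
# otherwise prefer keeping SELinux in permissive or enforcing mode.
systemctl disable firewalld.service
systemctl stop firewalld.service

# Only the active SELINUX= setting is rewritten (the unanchored pattern also
# rewrote comment lines). --follow-symlinks keeps /etc/sysconfig/selinux a
# symlink if it is one, instead of replacing it with a regular file.
sed -i --follow-symlinks 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
sed -i --follow-symlinks 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# Switch the running system to permissive; "disabled" takes effect on reboot.
setenforce 0
echo "$DATE [disable_selinux_config] is [success]" >>/root/${INIT_LOG}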
#9.maxlogins_config
# Cap the number of concurrent login sessions for the admin account.
printf '%s\n' 'ylhb          -       maxlogins       5' >> /etc/security/limits.conf
printf '%s\n' "$DATE [maxlogins_config] is [success]" >> "/root/${INIT_LOG}"
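#10.DNS config
# Point the resolver at the site DNS servers when the host sits on one of the
# known networks (the 1.1 / 1.2 prefixes and 1.1.1.x servers are the article's
# sample values; adjust them for the real environment).
#
# "ip" is used instead of "ifconfig": net-tools is only installed in a later
# section, and the old "inet addr:... Bcast" parsing does not match the
# ifconfig output format on CentOS 7.
# MASK holds the first two octets of every global IPv4 address, one per entry.
mapfile -t MASK < <(
  ip -4 -o addr show scope global \
    | awk '{split($4, oct, "."); print oct[1] "." oct[2]}' \
    | sort -u
)
echo "${MASK[*]}"

# A host can have several addresses; match if any of them is on a known net.
use_site_dns=0
for prefix in "${MASK[@]}"; do
  if [ "$prefix" = "1.1" ] || [ "$prefix" = "1.2" ]; then
    use_site_dns=1
  fi
done

if [ "$use_site_dns" -eq 1 ]; then
  cat > /etc/resolv.conf <<EOF
nameserver 1.1.1.1
nameserver 1.1.1.2
nameserver 1.1.1.3
EOF
fi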
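#11.sshd_config
# Harden and speed up sshd: explicit port and protocol, no reverse-DNS lookup,
# no direct root login, no GSSAPI negotiation.
sshd_conf=/etc/ssh/sshd_config
# Keep a copy so a bad edit can be rolled back before sshd is restarted.
cp -p "$sshd_conf" "$sshd_conf.pre_init"

# PermitRootLogin is rewritten whether or not the line was still commented
# out; matching only "#PermitRootLogin yes" leaves root login enabled on any
# image where the line was already uncommented.
sed -i \
  -e 's/#Port 22/Port 22/g' \
  -e 's/^#Protocol 2/Protocol 2/g' \
  -e 's/#UseDNS yes/UseDNS no/g' \
  -e 's/^#\{0,1\}PermitRootLogin .*/PermitRootLogin no/' \
  -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' \
  "$sshd_conf"
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/ssh_config

# Validate before restarting: restarting sshd on a broken config can cut off
# remote access to the host.
# With root login disabled, confirm that the admin account can log in and use
# sudo from a second session before closing the current one.
if /usr/sbin/sshd -t -f "$sshd_conf"; then
  systemctl restart sshd.service
  echo "$DATE [sshd_config] is [success]" >>/root/${INIT_LOG}
else
  cp -p "$sshd_conf.pre_init" "$sshd_conf"
  echo "sshd_config failed validation; original restored, sshd not restarted" >&2
fi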
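#12.yum resource config
# Replace the stock repositories with the internal mirror, then install the
# base tool set. yum.xxx.xxx is the article's placeholder host.
#
# NOTE(review): the repo files are fetched over plain HTTP, so whoever can
# tamper with that connection controls which repositories the host trusts.
# Serve them over HTTPS where the mirror supports it and keep gpgcheck=1.
repo_dir=/etc/yum.repos.d
# Back up to a root-only directory instead of the world-writable /tmp.
repo_backup=/root/yum.repos.d.bak.$DATE
mkdir -p "$repo_backup" && mv "$repo_dir"/* "$repo_backup"/

fetch_ok=1
for repo in CentOS-Base.repo epel.repo; do
  # wget is only installed further down, so fall back to curl when it is
  # not present yet.
  if command -v wget >/dev/null 2>&1; then
    wget -P "$repo_dir"/ "http://yum.xxx.xxx/$repo" || fetch_ok=0
  else
    curl -fsS -o "$repo_dir/$repo" "http://yum.xxx.xxx/$repo" || fetch_ok=0
  fi
done

if [ "$fetch_ok" -eq 1 ]; then
  # Signature checking is what protects package integrity on this transport.
  if grep -qsE '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$repo_dir"/*.repo; then
    echo "warning: a fetched repo file disables gpgcheck" >&2
  fi
  yum clean all
  yum install vim net-tools gcc gcc-c++ openssl-devel python-devel tree ntpdate wget telnet tcpdump -y
else
  # Do not leave the host without any usable repository definition.
  echo "repo download failed; restoring original repo files" >&2
  mv "$repo_backup"/* "$repo_dir"/
fi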
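# Offer a reboot so that settings which only apply at boot take effect.
# -r keeps backslashes in the answer literal.
read -r -p "Do you want to reboot the system?" want
case "$want" in
  yes)
    echo "reboot now!"
    reboot
    ;;
  no)
    echo "init over!"
    ;;
  *)
    # Any other answer (including an empty line) leaves the system running.
    echo "please useage yes or no! thanks"
    ;;
esac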
